Magicpin 2.1 User Registration cross site scripting

ArtículoeditarHistoryDiffjsonxmlCTI

Una vulnerabilidad fue encontrada en Magicpin 2.1 y clasificada como problemática. Una función desconocida del componente User Registration Handler es afectada por esta vulnerabilidad. No hay información respecto a posibles contramedidas. Se sugiere sustituir el producto con un equivalente.

Cronología

Usuario

Campo

Commit Conf

Approve Conf

IDComprometidoUsuarioCampoCambioObservacionesModeradoRazónC
107166282020-12-10VulD...cvss3_nvd_basescore6.1nist.gov2020-12-10aceptado90
107166272020-12-10VulD...cvss2_nvd_basescore4.3nist.gov2020-12-10aceptado90
107166262020-12-10VulD...cvss3_meta_tempscore5.2see documentation2020-12-10aceptado90
107166252020-12-10VulD...cvss3_meta_basescore5.2see documentation2020-12-10aceptado90
107166242020-12-10VulD...cvss2_nvd_aiNnvd.nist.gov2020-12-10aceptado70
107166232020-12-10VulD...cvss2_nvd_iiPnvd.nist.gov2020-12-10aceptado70
107166222020-12-10VulD...cvss2_nvd_ciNnvd.nist.gov2020-12-10aceptado70
107166212020-12-10VulD...cvss2_nvd_auNnvd.nist.gov2020-12-10aceptado70
107166202020-12-10VulD...cvss2_nvd_acMnvd.nist.gov2020-12-10aceptado70
107166192020-12-10VulD...cvss2_nvd_avNnvd.nist.gov2020-12-10aceptado70
107166182020-12-10VulD...cvss3_nvd_aNnvd.nist.gov2020-12-10aceptado70
107166172020-12-10VulD...cvss3_nvd_iLnvd.nist.gov2020-12-10aceptado70
107166162020-12-10VulD...cvss3_nvd_cLnvd.nist.gov2020-12-10aceptado70
107166152020-12-10VulD...cvss3_nvd_sCnvd.nist.gov2020-12-10aceptado70
107166142020-12-10VulD...cvss3_nvd_uiRnvd.nist.gov2020-12-10aceptado70
107166132020-12-10VulD...cvss3_nvd_prNnvd.nist.gov2020-12-10aceptado70
107166122020-12-10VulD...cvss3_nvd_acLnvd.nist.gov2020-12-10aceptado70
107166112020-12-10VulD...cvss3_nvd_avNnvd.nist.gov2020-12-10aceptado70
107166102020-12-10VulD...cve_nvd_summaryThere is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.cve.mitre.org2020-12-10aceptado70
107166092020-12-10VulD...cve_assigned1605654000cve.mitre.org2020-12-10aceptado70

Do you know our Splunk app?

Download it now for free!